Dell Laptop Security Issue

Gromett · Nov 24, 2015

Dell have installed a Trusted root certificate on a lot of Laptops. This is a security risk as it means a bad actor could use this to strip away any SSL/HTTPS encryption of your site in certain circumstances.

Dell have admitted to this and provided instructions on how to delete it.

Computers, Monitors & Technology Solutions | Dell UK

Dell provides technology solutions, services & support. Buy Laptops, Touch Screen PCs, Desktops, Servers, Storage, Monitors, Gaming & Accessories

en.community.dell.com

The instruction are here.

https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx

I have just followed them on an XPS13 (Jan 15) and they worked as described.

Gromett · Nov 24, 2015

PS: if you want to find out more what this is about just google
eDellRoot key

and

Superfish.

sabrinadestiny · Nov 24, 2015

Does it really matters?

buttons · Nov 24, 2015

sabrinadestiny said:
Does it really matters?

Hi sabrinadestiny and welcome to a wet and windy motorhome fun.

ROB1CHELSEA1 · Nov 24, 2015

How strange my Dell lap top packed up yesterday

Gromett · Nov 24, 2015

sabrinadestiny said:
Does it really matters?

YES!!! in a word. It makes your laptop easily hackable. I am sorry but I do banking on mine.

It is especially risky for us travelling types as we tend to use wifi away from home which is one of the ways that hackers can use this certificate authority to get in.

Judge Mental · Nov 24, 2015

Gromett said:
Dell have installed a Trusted root certificate on a lot of Laptops. This is a security risk as it means a bad actor could use this to strip away any SSL/HTTPS encryption of your site in certain circumstances.

Dell have admitted to this and provided instructions on how to delete it.

http://en.community.dell.com/dell-b...e-to-concerns-regarding-edellroot-certificate

The instruction are here.
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx

I have just followed them on an XPS13 (Jan 15) and they worked as described.

pardon my ignorance and nervousness....but are these links kosher?

Gromett · Nov 24, 2015

Judgemental said:
pardon my ignorance and nervousness....but are these links kosher?

Yes, but well done for questioning them.

Copy and paste them in a text editor. Then look at the bit directly before the first / (disregard the http://)
You can see that the domain name is dell.com and not de11.com for instance.

If you are still concerned. Type en.community.dell.com into your browser then copy and past the path (the bit after the /) to remake the URL using the full dell domain.

Gromett · Nov 24, 2015

Just a quick explainer for those who don't know.

http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

The bit in red is the protocol. This can be either http:// for normal web. https:// for secure web.
The bit in blue is called the hostname or subdomain.

The bit in green is the important bit and is the bit that needs to be spoofed by a bad actor if they want to take you elsewhere. It is called the domain name.
The bit in black is called the path. And is the same as a path on your own computer to a file. for instance c://my documents/spreadsheets/

If you are unsure about a link. Hover over the link on the page and look near the bottom of your browser window. It will show the destination of the link. For instance this link here http://www.motorhomefun.co.uk looks like it comes back here but actually goes to google.

The other trick that they will use is to replace characters that look the same. The lower case L and the Number 1 ( 1 and l) are common.

If you are ever unsure. Google for the company, type the companies domain in then add the linked path. You will definately be going to the companies official website, and if the path is wrong it will give a 404 page not found error.

There is more to it than this but basically never click on a link unless you are sure of the source.

NEVER, click on a link in an email because the source could have been hacked or faked. Unless the person sending you the link has told you by another channel that they are sending you the email with a link.

nomadic · Nov 25, 2015

Hi Gromett,

Thanks for the pointer re the certificate.

Is this a recent certificate, My Dell is coming up four years old, and I am wondering if I need to run the programme at all.

I have down loaded it, but thought I would ask first.

Thanks in anticipation.

Gromett · Nov 25, 2015

Sorry, Dell hasn't told us which models or what year are affected. I just looked on mine to see if the cert was there and it was.

Dell Laptop Security Issue

Gromett

Computers, Monitors & Technology Solutions | Dell UK

Gromett

sabrinadestiny

Free Member

buttons

ROB1CHELSEA1

^{_{Subscribers do not see these advertisements}}

Gromett

Judge Mental

Gromett

Gromett

nomadic

^{_{Subscribers do not see these advertisements}}

Gromett

Latest journal entries

Europe 2023

UK to Cyprus - Week 1, France

Alcoceber or Bust! Autumn Awaycation 2024